Cisco Threat Response is built upon a collection of APIs, which can be used to integrate your Cisco and third-party security products, automate the incident response process, and manage threat intelligence and security context data in a single location. Over the next few months, our team will be working with ecosystem partners who already integrate with Cisco Threat Grid, Cisco AMP for Endpoints and Cisco Umbrella to also integrate with Threat Response. Our priority will be providing engineering expertise to our Threat Intelligence, SIEM and SOAR partners; however, we support an open integration ecosystem.
Some of the things you can do now with the Threat Response API include:
You can find the API documentation here.
Threat Response Integration Scripts
The first three open-source integration examples, by Michael Auger, are available on the Cisco Security GitHub repository.